<%@page import="Configurations.SALT"%>
<%@page import="Configurations.MySQL"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.Connection"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql"%>
<%-- 
    Document   : login.jsp
--%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<%
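    // Login handler: checks the submitted username/password against the logins
    // table and records the outcome in the session attributes "authorized",
    // "username" and "isChair". A successful login is forwarded to index.jsp;
    // otherwise the login form below is rendered.
    //
    // NOTE(review): request.getParameter() also returns query-string values, so
    // credentials sent via GET are accepted and may end up in access logs and
    // browser history. Consider rejecting non-POST requests here.
    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // Fail closed: reset the session's auth state before doing any work, so a
    // database error or a failed attempt can never leave a stale
    // "authorized"/"isChair" flag from an earlier login in this session.
    session.setAttribute("authorized", false);
    session.setAttribute("username", "");
    session.removeAttribute("isChair");

    // The password is compared in its transformed (stored) form. If the
    // transformation fails, the attempt is rejected rather than falling back to
    // comparing the raw password.
    // NOTE(review): SALT.encrypt is defined elsewhere. The transformed value is
    // matched by equality inside the SQL query, so it must be deterministic for
    // a given password, which rules out a per-user random salt. Confirm it is a
    // slow, salted password hash (bcrypt/scrypt/Argon2); if not, fetch the row
    // by username and verify the stored hash in code instead.
    String storedForm = null;
    if (username != null && password != null) {
        try {
            storedForm = SALT.encrypt(password);
        } catch (Exception e) {
            // Log only the exception type: the message or stack trace of a
            // helper that handles the raw password is not safe to print.
            System.out.println("Error transforming the submitted password: " + e.getClass().getName());
        }
    }

    boolean authenticated = false;
    if (storedForm != null) {
        // Strip line breaks so a crafted username cannot forge log entries.
        // The password is never logged, in raw or transformed form.
        System.out.println("Login attempt for username: " + username.replaceAll("[\\r\\n]", "_"));

        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            Class.forName(MySQL.DB_DRIVER);
            con = DriverManager.getConnection(MySQL.DB_URL, MySQL.DB_USER, MySQL.DB_PASS);
            // Table and column names come from the MySQL configuration class,
            // not from the request; user-supplied values are bound as parameters.
            String sql = "SELECT * FROM " + MySQL.DB_LOGIN + " WHERE " + MySQL.DB_LOGIN_USERNAME + "=? and " + MySQL.DB_LOGIN_PASSWORD + "=?";
            ps = con.prepareStatement(sql);
            ps.setString(1, username);
            ps.setString(2, storedForm);
            rs = ps.executeQuery();
            System.out.println("Query for username and password from logins: Successful");

            if (rs.next()) {
                System.out.println("Matching username and password combination was found.");

                // Read the role before touching the session so that a failure
                // here leaves the session unauthorized.
                boolean chair = rs.getInt(MySQL.DB_LOGIN_ISCHAIR) > 0;

                // NOTE(review): the session id is not rotated on login. On
                // Servlet 3.1+ call request.changeSessionId() at this point to
                // prevent session fixation.
                session.setAttribute("authorized", true); // Allow access
                session.setAttribute("username", username); // which user is logged in
                if (chair) {
                    session.setAttribute("isChair", true);
                    System.out.println("User is a chair.");
                } else {
                    System.out.println("User is not a chair.");
                }
                authenticated = true;
            } else {
                System.out.println("No matching username and password combination was found.");
            }
        } catch (Exception e) {
            System.out.println("Error establishing connection to MySQL database.");
            e.printStackTrace();
        } finally {
            // Close each resource independently and null-safely: a failed
            // connection leaves some of these null, and one failing close()
            // must not skip the others.
            if (rs != null) {
                try {
                    rs.close();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
            if (ps != null) {
                try {
                    ps.close();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
            if (con != null) {
                try {
                    con.close();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    /* Send user to home page if logged in */
    if (authenticated) {
        System.out.println("User is logged in. Redirect to homepage.");
        pageContext.forward("index.jsp");
        return; // nothing below should run once the request has been forwarded
    }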
%>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link rel="stylesheet" type="text/css" href="style.css"/>
        <title>Login</title>
    </head>
    <body>
        <div id="content">
            <h1>Graduate Application Review System</h1>
            <%-- Login Form --%>
            <form action="" method="post" class="login">
                <table border="0" class="loginTable">
                    <thead>
                        <tr>
                            <th></th>
                            <th></th>
                        </tr>
                    </thead>
                    <tbody>
                        <tr>
                            <td>Login:</td>
                            <td><input type="text" name="username" size="20"/></td>
                        </tr>
                        <tr>
                            <td>Password:</td>
                            <td><input type="password" name="password" size="20"/></td>
                        </tr>
                        <tr>
                            <td><input type="submit" value="Login"/></td>
                        </tr>
                    </tbody>
                </table>
                <div id="errorMessage">
                    <%
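                        // Show the failure message only when credentials were submitted and
                        // the session is not authorized. Boolean.TRUE.equals() treats a
                        // missing "authorized" attribute (e.g. a new session whose login
                        // query failed before the attribute was set) as unauthorized instead
                        // of throwing a NullPointerException when unboxing null.
                        boolean submitted = request.getParameter("username") != null
                                || request.getParameter("password") != null;
                        if (submitted && !Boolean.TRUE.equals(session.getAttribute("authorized"))) {
                            // Fixed, generic text: it does not reveal whether the username
                            // exists and echoes no request data into the page.
                            out.print("Invalid Login Credentials");
                        }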
                    %>
                </div>
            </form>
        </div>
    </body>
</html>